On Sun, Jul 27, 2014 at 10:56 AM, Paul E Condon <pecon...@mesanetworks.net> wrote:
> I've known for a long while that there was something
> strange about sending mail via my ISP.

(Piques my curiosity.)

> They have made
> it clear in that they do not require or use TLS.

(Wondering what TLS has to do with strangeness in this case.)

> It
> occurs to me that perhaps my computer does not have
> installed the appropriate certs to function with TLS.

My experience is that MUAs really don't mess with certificates. They assume the mail server is legit enough to run through a handshake that involves asymmetric keys, and thus should protect the client from fake servers trying to steal passwords.

This approach is considered allowable because you should not really be connecting to random mail servers, and the real server should know how to decrypt your client's encrypted transmission of your password.

If you are browsing your mail via the web (thus, https for TLS), your web browser will need certificates for the mail provider's web server. The certificate would be used for the https connection.

But that is usually transparent to the user. Pre-installed certificates for every server and the kitchen sink on all major browsers including Iceweasel (which I think is a flaw in implementation, but that's a separate issue).

> How would I ever have known they were missing if they
> were not being used? So maybe their goofiness has allowed me to miss
> something that I was doing something wrong from way back when I first got
> started
> in Debian in about Y2K. Certs are used for https and
> these must be on the computer because it manages to
> connect to my banks (2), but maybe the ones needed to do SMTP are some
> different? How can I check.

The difference is basically in the way you log in.

In http, you start without authentication because you're supposed to be starting in surfing mode (which was supposed to be anonymous, which control-freak companies can't stand). The shift from http to https uses a different handshake protocol which involves the assumption that the browser should recognize or not recognize the https connection by the certificate.

(See above opinion on the current implementation.)

> I have found some instructions for using gmail
> as a smart host and I'm trying to follow them, but things are not
> working.

I hope the instructions you are using are from Google's own pages.

> When I press the 'y' key in mutt to send an
> email, the message 'sending...' displays in the bottom
> line, but it stays there for many minutes when it once would accept an email
> in just a few seconds. How can I
> find out what is happening during that time? Is there
> some debug tool?
>
> Thoughts or suggestions?
>
> --
> Paul

Delays in connections may be due to using port numbers other than the ones the mail provider asks for, or such things.

Or it may be the provider or the MUA falling back from the specified mode, and trying other modes.

Now that I think of it, I have definitely seen the latter. Set the MUA to try TLS, but allow fallback, and it has to time out each attempted connection as it falls back.

--
Joel Rees

Computer memory is just fancy paper,
and the CPU is just a fancy pen.
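As an added example (not part of the original thread): one way to see where a "sending..." stall happens is to time each stage of a STARTTLS submission separately, verifying the server certificate against the system CA store. The host `smtp.example.net` is a placeholder, and the default port 587 and 10-second timeout are assumptions; substitute the values your provider documents.

```python
import smtplib
import ssl
import time

# Constructed sample: an EHLO reply as smtplib stores it (greeting line first).
SAMPLE_EHLO = "mail.example.net\nSIZE 35882577\n8BITMIME\nSTARTTLS\nENHANCEDSTATUSCODES"

def offers_starttls(ehlo_text):
    """True if an EHLO reply lists STARTTLS as a capability keyword."""
    lines = [ln for ln in ehlo_text.splitlines()[1:] if ln.strip()]
    return "STARTTLS" in [ln.split()[0].upper() for ln in lines]

def classify(stages):
    """Summarise (stage, seconds, error) tuples into one finding."""
    for name, secs, err in stages:
        if err is not None:
            return f"{name} failed after {secs:.1f}s: {err}"
    return "ok: " + ", ".join(f"{n} {s:.1f}s" for n, s, _ in stages)

def probe(host, port=587, timeout=10):
    """Time each stage so a stall can be attributed to connect, EHLO or TLS."""
    ctx = ssl.create_default_context()  # verifies against the system CA store
    stages = []

    def timed(name, fn):
        start = time.monotonic()
        try:
            result, err = fn(), None
        except (OSError, smtplib.SMTPException) as exc:
            result, err = None, f"{type(exc).__name__}: {exc}"
        stages.append((name, time.monotonic() - start, err))
        return result, err

    smtp, err = timed("connect", lambda: smtplib.SMTP(host, port, timeout=timeout))
    if err is None:
        _, err = timed("ehlo", smtp.ehlo)
    if err is None and not offers_starttls((smtp.ehlo_resp or b"").decode("latin-1")):
        stages.append(("starttls", 0.0, "not advertised by server"))
    elif err is None:
        _, err = timed("starttls", lambda: smtp.starttls(context=ctx))
    if smtp is not None:
        smtp.close()
    return classify(stages)

if __name__ == "__main__":
    print(probe("smtp.example.net"))  # placeholder host, not from the thread
```

A certificate that is missing from or not trusted by the local store shows up here as a `starttls` failure with a verification error, while a wrong port shows up as a `connect` timeout.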